Author: alec-guest Date: 2006-07-05 19:45:11 +0000 (Wed, 05 Jul 2006) New Revision: 4335 Modified: data/CVE/list Log: * CVE-2006-3174, CVE-2006-2842 (squirrelmail): fixed, both flaws theoretical/low-impact/disputed Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-07-04 23:32:26 UTC (rev 4334) +++ data/CVE/list 2006-07-05 19:45:11 UTC (rev 4335) @@ -326,8 +326,7 @@ CVE-2006-3175 (Multiple PHP remote file inclusion vulnerabilities in mcGuestbook 1.3 ...) NOT-FOR-US: mcGuestbook CVE-2006-3174 (Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail ...) - NOTE: unreproducable - - squirrelmail <not-affected> (bug #375782; low) + - squirrelmail 2:1.4.7-1 (bug #375782; low) [sarge] - squirrelmail <no-dsa> (Operation with registers_globals not supported) CVE-2006-3173 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...) TODO: check @@ -1114,7 +1113,7 @@ CVE-2005-2460 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako ...) NOT-FOR-US: Kayako liveResponse CVE-2006-2842 (** DISPUTED ** ...) - - squirrelmail <unfixed> (unimportant) + - squirrelmail 2:1.4.7-1 (unimportant) NOTE: Only exploitable with register_globals enabled CVE-2006-XXXX [XSS vulnerability in dokuwikis''s "Fullname" and "E-Mail" fields] - dokuwiki <unfixed> (medium)